letsencrypt: FIX CN parsing to work with OpenSSL 1.1 (#25935)

As we can see in 9537453586 : CN used to be without whitespaces around the `=` but OpenSSL 1.1 introduced whitespaces: 1.0.1: subject=/CN=example.com 1.1.0: subject=CN = example.com This commit makes them optional. OpenSSL 1.1 is present on the newly-released Debian Stretch, so absence of this fix makes us not being able to use this module on this distro.
7 years ago · 9474f20f2d
parent 3bd8dbb53d
commit 9474f20f2d
1 changed files with 1 additions and 1 deletions
--- a/lib/ansible/modules/web_infrastructure/letsencrypt.py
+++ b/lib/ansible/modules/web_infrastructure/letsencrypt.py
@ -536,7 +536,7 @@ class ACMEClient(object):
        _, out, _ = self.module.run_command(openssl_csr_cmd, check_rc=True)

        domains = set([])
-        common_name = re.search(r"Subject:.*? CN=([^\s,;/]+)", out.decode('utf8'))
+        common_name = re.search(r"Subject:.*? CN\s?=\s?([^\s,;/]+)", out.decode('utf8'))
        if common_name is not None:
            domains.add(common_name.group(1))
        subject_alt_names = re.search(r"X509v3 Subject Alternative Name: \n +([^\n]+)\n", out.decode('utf8'), re.MULTILINE | re.DOTALL)